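#!/bin/bash
# Interactive first-time WireGuard server setup (Debian/Ubuntu, run as root).
# Asks for the VPN listen port and the SSH port, installs wireguard/ufw/dnsutils,
# generates the server key pair, writes /etc/wireguard/wg0.conf, enables IPv4
# forwarding, opens the firewall and starts wg-quick@wg0. Optionally hands off
# to ./easy_wireguard/add_client.sh to add peers.
set -euo pipefail

GREEN='\033[0;32m'
PURPLE='\033[0;35m'
NC='\033[0m'

# die MSG... -> print MSG to stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# valid_port PORT -> 0 when PORT is an integer in 1-65535, 1 otherwise.
# The {1,5} bound keeps huge inputs out of shell arithmetic; 10# forces decimal
# so a leading zero is not read as octal.
valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# apt, /etc/wireguard, sysctl and ufw all need root; fail before touching anything.
(( EUID == 0 )) || die "This script must be run as root."

### Ask for the WireGuard listen port (random if blank) and the SSH port
### (22 if blank) so SSH stays reachable once ufw is enabled.
echo -en "${GREEN}Choose port for VPN, 1-65535, leave blank for random: ${NC}"
read -r input_VPN_PORT
if [[ -z "$input_VPN_PORT" ]]; then
  # RANDOM is 0-32767; offsetting by 1024 yields 1024-33791, never 0 and never
  # a privileged port. (The original compared the wrong variable and so always
  # picked a random port, and RANDOM*2 could produce port 0.)
  PORT=$(( RANDOM + 1024 ))
else
  valid_port "$input_VPN_PORT" || die "Invalid VPN port: $input_VPN_PORT"
  PORT=$input_VPN_PORT
fi
echo -en "${GREEN}Enter your SSH port, leave blank for default [22]: ${NC}"
read -r input_SSH_PORT
if [[ -z "$input_SSH_PORT" ]]; then
  SSH_PORT="22"
else
  valid_port "$input_SSH_PORT" || die "Invalid SSH port: $input_SSH_PORT"
  SSH_PORT=$input_SSH_PORT
fi
SERVER_PRIVATE_IP="10.18.0.1"

### Install WireGuard and Firewall
apt update
apt --yes install wireguard ufw dnsutils
mkdir -p /etc/wireguard

### Generate server keys
# umask 077 in a subshell makes the private key owner-only from the moment the
# file exists, and writing it directly (instead of through tee) keeps it off
# the terminal and out of any session log.
( umask 077; wg genkey > /etc/wireguard/server_private.key )
chmod go= /etc/wireguard/server_private.key
wg pubkey < /etc/wireguard/server_private.key > /etc/wireguard/server_public.key
printf 'Server public key: %s\n' "$(</etc/wireguard/server_public.key)"
SERVER_PRIVATE=$(</etc/wireguard/server_private.key)

# Interface used for the default route, taken from the first "dev X" of `ip route get`.
NETWORK_DEVICE=$(ip route get 8.8.8.8 | awk -F"dev " 'NR==1{split($2,a," ");print a[1]}')
[[ -n "$NETWORK_DEVICE" ]] || die "Could not determine the outbound network device."

# wg0.conf contains the private key, so create it owner-only as well.
( umask 077; cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = $SERVER_PRIVATE
Address = $SERVER_PRIVATE_IP
ListenPort = $PORT
SaveConfig = false
PostUp = ufw route allow in on wg0 out on $NETWORK_DEVICE
PostUp = iptables -t nat -I POSTROUTING -o $NETWORK_DEVICE -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on $NETWORK_DEVICE
PreDown = iptables -t nat -D POSTROUTING -o $NETWORK_DEVICE -j MASQUERADE
EOF
)

# Append the forwarding setting only once so re-running the script does not
# pile up duplicate lines in sysctl.conf.
grep -qx 'net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

ufw allow "$PORT"/udp
ufw allow "$SSH_PORT"/tcp
ufw disable
ufw --force enable
ufw status

systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0.service
# `status` exits non-zero when the unit is not active; it is informational here
# and must not abort the script under set -e.
systemctl status --no-pager -l wg-quick@wg0.service || true

echo -en "${PURPLE}Done! Now you need to add a few peers.
Would you like to do it now [y/n]? "
# EOF on stdin counts as "no answer" (defaults to yes) rather than a failure.
read -r NEED_CLIENT || NEED_CLIENT=""
if [[ "$NEED_CLIENT" == "y" || "$NEED_CLIENT" == "" ]]; then
  ./easy_wireguard/add_client.sh
else
  echo "You can add peers later by running${GREEN} ./easy_wireguard/add_client.sh ${NC}manually."
fi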